Description
The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
References (10)
Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15037
Third Party Advisory, US Government Resource third-party-advisory
government-resource
x_refsource_ciac
http://www.ciac.org/ciac/bulletins/o-077.shtml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/3903
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A801
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A800
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A704
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9624
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-006
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A802
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/445214
Scores
EPSS
0.1210
EPSS Percentile
95.7%
Details
CWE
CWE-20
Status
published
Products (8)
microsoft/windows_2000
(5 CPE variants)
microsoft/windows_2003_server
microsoft/windows_2003_server
enterprise
microsoft/windows_2003_server
enterprise_64-bit
microsoft/windows_2003_server
r2
microsoft/windows_2003_server
standard
microsoft/windows_2003_server
web
microsoft/windows_nt
4.0 (23 CPE variants)
Published
Mar 03, 2004
Tracked Since
Feb 18, 2026